Quantum Force – Check Point's new series of security gateways
Check Point has continued to update the range of its software and hardware systems since the end of 2023. New versions of Small Business and Branch Offices (hereinafter referred to as SMB) devices have already been presented. They use ARM processors and a lightweight version of the GAIA operating system, Gaia Embedded.
The 1500 series received the PRO tag and a 5 as the last digit of the model number: 1535, 1555, 1575, 1595. In addition to these gateways, 6 new models of the Quantum Force Perimeter line were presented at the recently held CPX EMEA 2024 conference, along with 4 new models of the Quantum Force High End Enterprise and Data Center line, which use x86 processors and the full version of the GAIA OS operating system. It is worth noting separately that ASIC acceleration is now used for 100 Gbit ports.
This article compares the performance figures of the new model range with those of their predecessors.
Small Business and Branch Office
Compared to the regular models, these devices received support for 5G and Wi-Fi 6 and an increase in RAM to 4GB, which had a positive effect on the number of simultaneous sessions supported by the gateway.
Below is a comparison table with the characteristics of old and new devices. The following indicators are compared:
throughput in Threat Prevention mode (Firewall, Application Control, URL Filtering, IPS, Antivirus, Anti-Bot, SandBlast Zero-Day Protection functions are active with logging enabled)
number of simultaneous sessions
number of connections per second
throughput in Threat Prevention mode with Smart Accel (Smart Accel is a function available only on SMB devices under local management or managed through an SMP portal; it optimizes the operation of the gateway in TP mode).
Parameter | 1530 | 1535 | 1550 | 1555 |
---|---|---|---|---|
Throughput in Threat Prevention mode, Mbps | 340 | 340 | 450 | 450 |
Throughput in TP mode with Smart Accel, Mbps | 440 | 440 | 585 | 600 |
Number of simultaneous sessions | 500,000 | 1,000,000 | 500,000 | 1,000,000 |
Number of connections per second | 10,500 | 10,500 | 14,000 | 14,000 |
Table 1 – Comparison of 1530/1550 gateways with 1535/1555 versions
Parameter | 1570 | 1575 | 1590 | 1595 |
---|---|---|---|---|
Throughput in Threat Prevention mode, Mbps | 500 | 500 | 660 | 660 |
Throughput in TP mode with Smart Accel, Mbps | 650 | 650 | 860 | 900 |
Number of simultaneous sessions | 500,000 | 1,000,000 | 500,000 | 1,000,000 |
Number of connections per second | 15,750 | 15,750 | 21,000 | 21,000 |
Table 2 – Comparison of gateways 1570/1590 with 1575/1595 versions
Based on the tables, we can conclude that the additional RAM raised the gateways' limit on the number of simultaneous sessions. Throughput for these devices is largely unchanged.
The higher-end models of the SMB range have also been updated relatively recently. They received the numbers 1900 instead of 1600 and 2000 instead of 1800. These models showed significant improvements in performance. In particular, the gateways received a new 24-core processor (compared to 12 cores in the regular versions), two 2.5Gbit copper ports, four 10Gbit optical ports and an increase in RAM to 16GB (from 8GB in the previous versions).
Let's compare the characteristics of old and new devices.
Parameter | 1600 | 1900 | 1800 | 2000 |
---|---|---|---|---|
Throughput in Threat Prevention mode, Gbps | 1.5 | 4 | 1.5 | 5 |
Throughput in TP mode with Smart Accel, Gbps | 2 | 5.2 | 2 | 6.5 |
Number of simultaneous sessions | 2,400,000 | 4,200,000 | 2,400,000 | 4,200,000 |
Number of connections per second | 55,000 | 90,000 | 55,000 | 100,000 |
Table 3 – Comparison of 1600/1800 gateways with 1900/2000 versions
The comparison shows that the updated models perform significantly better than the older devices, with a large increase in throughput, in the number of simultaneous sessions, and in connections per second.
Quantum Force Perimeter
In addition to updating its SMB lineup, Check Point introduced a new Perimeter lineup aimed at midsize businesses. The current 6000 series gateways were replaced by 6 devices of the 9000 series, called Quantum Force. Specifically, these are the 9100, 9200, 9300, 9400, 9700 and 9800 security gateways. This article will not cover all gateways in this series. For comparison, 9100, 9400, 9800 devices and their previous versions were selected.
Let's start with the entry-level gateway in this series, the 9100.
The basic model includes:
1x CPU, 4 physical and 8 logical cores in total (versus 2 physical cores in the 6200 gateway)
16GB RAM expandable up to 64GB
10x RJ45 ports
Supported port expansion cards:
8x 1/10GBASE-F SFP+
4x 10/25GBASE-F SFP28
The mid-range model in the series is the 9400.
The basic model includes:
1x CPU, 14 physical and 20 logical cores in total (versus 6 physical and 12 logical cores in the 6700 gateway)
16GB RAM expandable up to 64GB
10x RJ45 ports
4x 1/10GbE SFP+ ports
Supported port expansion cards:
The top model in the series is the 9800.
The basic model includes:
1x CPU, 20 physical and 40 logical cores in total (versus 16 physical and 32 logical cores in the 7000 gateway)
32GB RAM expandable up to 128GB
6x RJ45 ports
4x 1/10GbE SFP+ ports
Supported port expansion cards:
The table below lists the main performance figures of these gateways. The following parameters are considered:
Throughput in Threat Prevention mode (uses Firewall, App Control, URLF, IPS, Anti-Malware and SandBlast functions with logging enabled).
Throughput in Firewall mode.
Number of simultaneous sessions.
Number of connections per second.
Parameter | 6200 | 9100 | 6700 | 9400 | 7000 | 9800 |
---|---|---|---|---|---|---|
Throughput in Threat Prevention mode, Gbps | 1.8 | 4.95 | 5.8 | 11 | 9.5 | 20 |
Throughput in Firewall mode, Gbps | 9 | 55 | 26 | 72.6 | 48 | 185 |
Number of simultaneous sessions | 2,000,000 | — | 2,000,000 | 2,750,000 | 4,000,000 | 7,000,000 |
Number of connections per second | 67,000 | 100,000 | 164,000 | 355,000 | 330,000 | 715,000 |
Table 4 – comparison of 6000 series gateways with 9000 series
As a result, it can be seen that the device performance has approximately doubled in both FW and TP modes.
Quantum Force High End Enterprise and Data Center
Next we move on to the updated High End Enterprise and Data Center model range. In particular, the current 16000, 16200, 26000 and 28000 were replaced by the new devices 19100, 19200, 29100 and 29200. This series also belongs to Quantum Force.
HIGH END ENTERPRISE APPLIANCE
Model 19100 in its basic configuration includes:
2x CPU, 32 physical and 64 logical cores in total (versus 16 physical and 32 logical cores in the 16000 gateway)
64GB RAM expandable up to 128GB
2x 1/10Gbit copper ports
2x 25Gbit optical ports
8x 10Gbit optical ports
Supported port expansion cards:
8×1/10GBASE-F SFP+ cards, up to 32 ports
4×10/25GBASE-F SFP28 cards, up to 18 ports
2×40/100GBASE-F QSFP28 cards, up to 8 ports
Model 19200 in its basic configuration includes:
2x CPU, 40 physical and 80 logical cores in total (versus 24 physical and 48 logical cores in the 16200 gateway)
96GB RAM expandable up to 128GB
2x 1/10 Gbit copper ports
2x 25Gbit optical ports
8x 10Gbit ports
Supported port expansion cards:
8×1/10GBASE-F SFP+ cards, up to 32 ports
4×10/25GBASE-F SFP28 cards, up to 18 ports
2×40/100GBASE-F QSFP28 cards, up to 8 ports
The table below compares the characteristics of the new gateways with those of their predecessors.
Parameter | 16000 | 19100 | 16200 | 19200 |
---|---|---|---|---|
Throughput in Threat Prevention mode, Gbps | 12 | 28.8 | 15 | 36.9 |
Throughput in Firewall mode, Gbps | 58 | 200 | 78.3 | 245 |
Number of simultaneous sessions | 8,000,000 | 12,400,000 | 8,000,000 | 21,000,000 |
Number of connections per second | 375,000 | 750,000 | 435,000 | 1,000,000 |
Table 5 – comparison of gateways 16000/16200 with 19000 series
The comparison shows a twofold increase in the performance of the new gateways due to more powerful processors and more RAM.
DATA CENTER APPLIANCE
Model 29100 in its basic configuration includes:
2x CPU, 56 physical and 112 logical cores in total (versus 36 physical and 72 logical cores in the 26000 gateway)
128GB RAM expandable up to 256GB
2x 1/10 Gbit copper ports
2x 25Gbit optical ports
8x 10Gbit ports
Supported port expansion cards:
8×1/10GBASE-F SFP+ cards, up to 56 ports
4×10/25GBASE-F SFP28 cards, up to 30 ports
2×40/100GBASE-F QSFP28 cards, up to 14 ports
Model 29200 in its basic configuration includes:
2x CPU, 64 physical and 128 logical cores in total (versus 36 physical and 72 logical cores in the 28000 gateway)
128GB RAM expandable up to 256GB
2x 1/10 Gbit copper ports
2x 25Gbit optical ports
8x 10Gbit ports
Supported port expansion cards:
8×1/10GBASE-F SFP+ cards, up to 56 ports
4×10/25GBASE-F SFP28 cards, up to 30 ports
2×40/100GBASE-F QSFP28 cards, up to 14 ports
The table below compares the characteristics of the new gateways with those of their predecessors.
Parameter | 26000 | 29100 | 28000 | 29200 |
---|---|---|---|---|
Throughput in Threat Prevention mode, Gbps | 24 | 47.4 | 30 | 63.5 |
Throughput in Firewall mode, Gbps | 106.2 | 365 | 145 | 500 |
Number of simultaneous sessions | 10,000,000 | 30,000,000 | 10,000,000 | 30,000,000 |
Number of connections per second | 500,000 | 1,250,000 | 615,000 | 1,500,000 |
Table 6 – comparison of 26000/28000 series gateways with 29000 series.
As in previous comparisons, a twofold increase in gateway performance is visible.
Conclusion
The new model range has greatly expanded the capabilities of Check Point hardware and software systems, showing a twofold increase in performance at roughly the same price as the previous series. Since Check Point's network perimeter protection rests primarily on the GAIA OS operating system, which uses machine learning and artificial intelligence technologies along with various proprietary solutions and optimizations, the more powerful devices will expand the capabilities of the system in future software releases.
The article was prepared by Feodor Zhemchuzhnikov, System Engineer TS Solution